I'm trying to use exec() in PHP and I get different results when using it through a web browser and via the command line shell.

Simple thing:

<?php exec('mount 10.0.0.1:/mnt/test /home/user/test', $output) ?>

Calling this from a web browser results in nothing being mounted, and running it through the command line (php-cli) results in the mount being executed successfully. There are also no errors being returned to the $output array, so I haven't got anything to go by. I'm running the web and CLI both as the same user, so it shouldn't be a permissions problem. SELinux is disabled and therefore doesn't block anything. Same thing for the firewall - disabled as well.

How can I make PHP exec() behave the same way in a web browser and via command line?

airtruk
  • Make sure that the username under which your web server runs has sufficient permissions. –  Jan 21 '13 at 04:05
  • I pretty much gave full permissions to that user. Ran the same PHP script from the command line as that user and it works just fine. So I'm a bit baffled. Is there a setting in Apache that prevents certain commands? I can run 'mount' by itself and it does show me all the current mounts through the web. Just can't mount any drive when calling that PHP script through the web. – airtruk Jan 21 '13 at 04:11
  • How are you running the web script as a particular user? – Joe Jan 21 '13 at 04:14
  • I assume it runs as the user set for Apache in httpd.conf, which is the same user that I use to run the script at the command line. I can even run with the same results. So it doesn't quite make sense to me – airtruk Jan 21 '13 at 04:17
  • @user1730601 Maybe that's a $PATH problem? Try exec('/path/to/mount ... ') – hek2mgl Jan 21 '13 at 04:36
  • The $PATH variable should not be a problem since I can run mount by itself without any options and I do get the current mounts returned – airtruk Jan 21 '13 at 04:53

1 Answer

You can only mount partitions as root. Maybe adding www-data (I'm assuming that's the user running Apache) to sudoers will solve the problem, but it gives you a BIG security hole. But since you cannot type a password because it's a service, you have to tell it not to ask that user for a password.

Add this to the bottom of your sudoers:

www-data ALL=NOPASSWD: ALL

And use the command as

<?php exec('sudo mount 10.0.0.1:/mnt/test /home/user/test', $output) ?>

Obviously this is a security hole like no other has ever been.

One way to avoid it might be to use a queue to put the job and process it with a service that verifies the job is safe and mounts if it has to.

A nice queue that has a PHP interface is beanstalk.

cleek
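
The queue-and-verify approach suggested in the answer above, shown as an added example (not code from the answer or the question): the validation step of a root-owned worker, so the web server user needs no sudo rights at all. The allowlist, the JSON job format, the function names and the `/bin/mount` path are assumptions, and constructed sample payloads stand in for jobs read from the queue.

```php
<?php
declare(strict_types=1);

// Assumption: the one mount from the question is the only one the web app may request.
const ALLOWED_MOUNTS = ['10.0.0.1:/mnt/test' => '/home/user/test'];
const MOUNT_BIN = '/bin/mount'; // assumed path; check with `command -v mount`

/** Returns the argv for an allowlisted job, or null if the job must be refused. */
function build_mount_argv(string $payload): ?array
{
    $job = json_decode($payload, true);
    // Exactly two string fields; anything extra (options, flags) is refused.
    if (!is_array($job) || count($job) !== 2
        || !is_string($job['source'] ?? null) || !is_string($job['target'] ?? null)) {
        return null;
    }
    // Exact-match lookup, no pattern matching: the web side cannot introduce
    // new hosts, paths or mount options.
    if ((ALLOWED_MOUNTS[$job['source']] ?? null) !== $job['target']) {
        return null;
    }
    return [MOUNT_BIN, $job['source'], $job['target']];
}

/** Runs argv without a shell (array form, PHP >= 7.4); returns [exit code, output]. */
function run_argv(array $argv): array
{
    // stderr is merged into stdout so mount's error text is captured too;
    // exec()'s $output array only ever receives stdout.
    $proc = proc_open($argv, [1 => ['pipe', 'w'], 2 => ['redirect', 1]], $pipes);
    if (!is_resource($proc)) {
        return [-1, 'proc_open failed'];
    }
    $output = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    return [proc_close($proc), $output];
}

// Constructed sample payloads standing in for jobs read from the queue.
$jobs = [
    '{"source":"10.0.0.1:/mnt/test","target":"/home/user/test"}',                  // allowed
    '{"source":"10.0.0.1:/mnt/test","target":"/etc"}',                             // wrong target
    '{"source":"10.0.0.1:/mnt/test","target":"/home/user/test","options":"suid"}', // extra field
    'not json',
];
foreach ($jobs as $payload) {
    $argv = build_mount_argv($payload);
    echo $argv === null ? "REFUSED  $payload\n" : 'ACCEPTED ' . implode(' ', $argv) . "\n";
    // In the root-owned worker: if ($argv !== null) { [$code, $out] = run_argv($argv); }
}
```

Only the first payload is accepted; the web-facing PHP script just enqueues the JSON and never calls `exec()` or `sudo` itself.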